[TH] New AMD Side Channel Attacks Discovered, Impacts Zen Architecture - Overclock.net - An Overclocking Community
post #1 of 73 (permalink) Old 03-07-2020, 12:37 AM - Thread Starter
New to Overclock.net
 
Join Date: Feb 2016
Posts: 141
Rep: 9 (Unique: 8)
[TH] New AMD Side Channel Attacks Discovered, Impacts Zen Architecture

Quote:
A new paper released by the Graz University of Technology details two new "Take A Way" attacks, Collide+Probe and Load+Reload, that can leak secret data from AMD processors by manipulating the L1D cache predictor. The researchers claim that the vulnerability impacts all AMD processors from 2011 to 2019, meaning that the Zen microarchitecture is also impacted.

https://www.tomshardware.com/news/ne...n-architecture

Last edited by andrews2547; 03-07-2020 at 06:27 AM.
Talon2016 is offline  
post #2 of 73 (permalink) Old 03-07-2020, 12:43 AM
New to Overclock.net
 
Join Date: Jul 2012
Location: Louisiana
Posts: 1,463
Rep: 66 (Unique: 61)
Intel's billions finally found something on AMD.

Quote:
"Additional funding was provided by generous gifts from Intel. Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the funding parties."

"The researchers were able to exploit the vulnerability via JavaScript run on Chrome and Firefox browsers."

Is this an AMD problem or a browser problem?
boot318 is offline  
post #3 of 73 (permalink) Old 03-07-2020, 01:06 AM
Otherworlder
 
Join Date: Feb 2011
Posts: 7,449
Rep: 224 (Unique: 129)
Quote: Originally Posted by boot318 View Post
"The researchers were able to exploit the vulnerability via JavaScript run on Chrome and Firefox browsers."

Is this an AMD problem or a browser problem?
both, plus the website that uses a compromised javascript.
  • the platform that has a security exploit
  • the application that allows such exploit to run
  • the host of the exploit
sadly one of the main sources of such exploits (ads) can have such an exploit running without the host site being aware of it. i wonder if the website owner can sue the ads provider for the damages done.

trolling an adult is very dangerous, don't try it at home nor at work. you don't want to play tag with a rabid man.
epic1337 is offline  
post #4 of 73 (permalink) Old 03-07-2020, 01:58 AM
New to Overclock.net
 
Join Date: Jun 2008
Location: Wilts, U.K.
Posts: 3,622
Rep: 457 (Unique: 389)
I got this feeling that AMD micro-code updates to fix exploits won't be quite as smooth an experience for everyone as it was with Intel, we'll see though


Darren9 is offline  
post #5 of 73 (permalink) Old 03-07-2020, 05:23 AM
New to Overclock.net
 
Join Date: Jul 2010
Location: Florida
Posts: 3,266
Rep: 175 (Unique: 111)
Time for everyone to sell their AMD CPU and get Intel... oh wait...

umeng2002 is offline  
post #6 of 73 (permalink) Old 03-07-2020, 05:50 AM
Not a linux lobbyist
 
Join Date: Feb 2014
Location: Wisconsin
Posts: 2,030
Rep: 55 (Unique: 42)
I wonder if the researchers also needed local administrative access and privileges to install and run malware on the target computer like with getting all of the Intel vulnerabilities to work minus Meltdown, or if it can be done solely with remote unprivileged interaction. That would make a difference if you had to run noscript to be secure. But at least that option already exists if you want to have an instant fix while dealing with your bank related information online.

rluker5 is offline  
post #7 of 73 (permalink) Old 03-07-2020, 06:59 AM
Hardware Maniac
 
Join Date: Mar 2013
Location: Canada qc
Posts: 3,314
Rep: 54 (Unique: 41)
What.... JAVA has been known to be easy to implement malware and stuff in their plugin for like 15 years. Time to stop using it...

Fx-6300 5.1 5 GHz Overclock Club i7-4790k 5.1 Asus P8P67 |--| i7 2600k 4.5ghz | Corsair H110i GTX ASETEK | DeepCool Matrexx 55 White RGB | Corsair RM 1000X | Crucial MX100 512gb + 4x Kingston 256gb + 2x Wd Blue 4tb | MSI RX 580 8GB |--------| Dell G3 | 1050ti 4Gb | I5 8300H | 2x8GB 2666mhz DDR4 | 2TB Intel nvme |


bonami2 is offline  
post #8 of 73 (permalink) Old 03-07-2020, 07:29 AM
Not a linux lobbyist
 
Join Date: Feb 2014
Location: Wisconsin
Posts: 2,030
Rep: 55 (Unique: 42)
Quote: Originally Posted by bonami2 View Post
What.... JAVA has been known to be easy to implement malware and stuff in their plugin for like 15 years. Time to stop using it...
Java =/= JavaScript. They do sound similar though.

rluker5 is offline  
post #9 of 73 (permalink) Old 03-07-2020, 07:36 AM
sudo apt install sl
 
Join Date: Dec 2009
Posts: 6,363
Rep: 188 (Unique: 130)
Not shocking, as AMD's market share increases the more researchers will test AMD's hardware. It was just a matter of time.

Quote:
This has, of course, generated plenty of attention, but it is noteworthy that the study's Intel-funded co-authors have also disclosed Intel vulnerabilities in the past (10 on Intel, including Spectre, Meltdown, and Zombieload, three on ARM, two on AMD, and one on IBM). The lead researcher also responded on Twitter, disclosing that Intel funds some of its students and the university fully discloses the sources of its funding. He also noted that Intel doesn't restrict the universities' academic freedom and independence, and that Intel has funded the program for two years.

Intel has disclosed, as recently as two weeks ago, that it funds research into product security and also awards prizes to researchers for finding holes in its architectures (Intel Bug Bounty program PDF), so this doesn't appear to be a case of Intel directly funding research against its competitor. The paper also engages in responsible disclosure of its funding sources, which makes any nefarious intent questionable. To cover the bases, we've also reached out to Intel for comment on the matter. According to the paper, Intel has already patched a similar vulnerability in its processors.


Last edited by WannaBeOCer; 03-07-2020 at 07:44 AM.
WannaBeOCer is online now  
post #10 of 73 (permalink) Old 03-07-2020, 08:12 AM
New to Overclock.net
 
Join Date: Jul 2011
Location: FL
Posts: 14,913
Rep: 708 (Unique: 565)
Ask me how much I care? Seriously. This is like that "Oh noees, there's an exploit in GeForce Experience" thread.

Show me an actual instance of the exploit working.

Pah! Tom's Hardware? JavaScript in browsers? Well uh-duh!

This has been going on for 20 years, seriously.

Use Netscape Navigator, problem solved!

Or NoScript.

This is not a CPU exploit... not at all.

I wonder how much Intel bribed Tom's to print that load of hot bovine excrement.

This is a total waste of internet. FUD at its epitome.

When that Intel-sponsored school can hack my box and actually do something after I give them my ip, then there's something.

Last edited by Schmuckley; 03-07-2020 at 08:22 AM.
Schmuckley is offline  